13-step plan for a data breach or cyber incident

When things go wrong, a fixed order helps. Use this 13-step plan as a checklist — adapt to your sector, insurance and contracts.

13-step checklist when a breach or major cyber incident occurs:

  1. Assess the situation
  2. Call cyber insurer if applicable
  3. Assemble crisis team
  4. Immediate containment — preserve evidence
  5. Check NCSC reporting (~24h) under NIS2/Cbw
  6. Report to Dutch DPA within 72h if required
  7. Inform data subjects if high risk
  8. Consider alternative suppliers if needed
  9. Report to police if cybercrime
  10. Update DPA/NCSC filings on time
  11. Record in internal breach register
  12. Assess damage recovery options
  13. Prevent recurrence — root cause and review

Key takeaways

  • Crisis team and containment before external comms.
  • Multiple clocks: NCSC, DPA 72h, contracts and individuals.
  • Always log internally.
  • Close with prevention and management review.
